Monday, April 3, 2017

A year ago, today ...

The IoT, the Internet Of Things, is gradually spreading to all areas of our lives: from being able to control when a package will arrive home to check if our refrigerator has run out of milk. The connectivity of all the devices we use on a day-to-day basis makes our lives simpler and safer in many cases. For instance: being able to see the images of our house security camera in real time from our mobile.

As every Monday we go into our time capsule and we go back a year ago to take perspective and see how we have evolved in the IoT sector and cybersecurity issues. There was an outstanding case on this subject last year: Andrew Auernheimer discovered that thousands of printers around the world had the port 9100 open and without authenticating. To prove it, he assaulted thousands of them and made them print anti-Semitic leaflets. Of course he was condemned for that, because as much as he wanted to demonstrate the existing problem, the way he did it was not right.

And now we move on from a condemned person to an elected one: the deceit that suffered a whole country in order to vote a politician. That is what the hacker Andrés Sepúlveda made for a decade in Latin America, being one of his greatest successes the electoral victory of the Mexican president Enrique Peña Nieto. Sepúlveda, 31 years old, says he traveled across the continent arranging important political campaigns for seven years. With a budget of 600,000€, Peña Nieto's work was by far the most complex. He led a team of hackers who stole campaign strategies, manipulated social networks to create false waves of enthusiasm, and installed spyware in the opposition offices, all to help Peña Nieto win.

We do not leave Latin America, since it was in Brazil where Kaspersky Lab presented a new study of the Brazilian cybercriminal scene, and how it had evolved in recent years due to increasing contact with other scenes such as Eastern Europe. Brazilians have gone from keyloggers and bank trojans to more complex bets on remote administration and even ransomware.

The majority of the companies on the planet were not much better, as an incident experienced by Mattel demonstrated: a cybercriminal stole $3 million from the well-known corporation, through the phishing attack called "CEO Fraud". Someone sent an email to a Mattel executive pretending to be the CEO of the company, and ordering him to make a transfer to a seller in China. According to the report, the money had been sent to Wenzhou Bank, in China, and by the time the scam was made, money had already disappeared. According to the source, the cybercriminal who stole the money had done a lot of surveillance on Mattel's business practices, waiting for the moment when Mattel was getting heavily involved in the Chinese market and presenting his application in such a way that it looked authentic.

And finally we talk about a ransomware, which was created specifically to attack computer systems of hospitals, taking advantage of a failure in JBoss web servers. The attack affected dozens of US hospitals by this time last year. The technicians discovered that some attacks could be blamed on ransomware… but why hospitals? An expert told "Ars Technica" that it was because computer security at hospitals was conspicuous by its absence. But little by little this fact has changed, not only in the reduction of attacks, but also regarding the reinforcement of cybersecurity in all American hospitals.